Does casting a spell from an Ioun Stone/Ring of Spell Storing require components?

Items such as the Reserved Ioun Stone and Ring of Spell Storing state that:

The spell uses the slot level, spell save DC, spell attack bonus, and spellcasting ability of the original caster, but is otherwise treated as if you cast the spell.

There is no mention of not needing components, which suggests that components are needed twice for these items: once to cast the spell into it and again when casting a spell from them.

Is this correct?

Can a Steel Defender or a Alchemical Homunculus use a Spell Storing Item?

I have seen from many different sources the thought process that you can have your Alchemical Homunculus or your Steel Defender use your spell storing item. This would let them take up concentration for an additional spell.

However the more I look into it the less I think you can. I wanted to get clarification from you folks.

Spell Storing item:

While holding the object, a creature can take an action to produce the spell’s effect from it, using your spellcasting ability modifier. If the spell requires concentration, the creature must concentrate.

Alchemical Homunculus:

In combat, the homunculus shares your initiative count, but it takes its turn immediately after yours. It can move and use its reaction on its own, but the only action it takes on its turn is the Dodge action, unless you take a bonus action on your turn to command it to take the action in its stat block or the Dash, Disengage, Help, Hide, or Search action.

Steel Defender:

In combat, the steel defender shares your initiative count, but it takes its turn immediately after yours. It can move and use its reaction on its own, but the only action it takes on its turn is the Dodge action, unless you take a bonus action on your turn to command it to take one of the actions in its stat block or the Dash, Disengage, Help, Hide, or Search action.

I added emphasis on only. This completely negates the ability to use the Spell Storing Item in combat doesn’t it?

Can a familiar’s greater steed(s) ‘Reincarnate’ with a Ring of Spell Storing?

Can a flock of Pegasii summoned mounts Reincarnate any humanoid with a (properly loaded) Ring of Spell Storing?

The points below are not really new per se but rather a cumulative-inductive discovery of StackExchange rulings. This is listed below:

  • A familiar &/or summoned mount can cast any spell from a Ring of Spell Storing.

  • A Ring of Spell Storing stores up to five spell-levels – thus fifth lvl max. (hence this includes Reincarnation)

  • The casting / catching of spells (specifically ‘Reincarnate’ in this case) does not seem to require components. Thus the 1000 gold worth of rare unguents is neither needed to ‘charge’ the ring, nor cast-use it.

  • Correct use of various summoning spells + Ring o’ SpellStore® allows each familiar &/or steed to have one (1) familiar + one (1) steed each, hence: Menagerie Ad nauseum.

Thus it seems that any character with previous access-planning to the right summoning and necromatic spells could have a flight of a few thousand loyal Pegasii striving to Reincarnate them (should they die).

If so: this seems impressive &/or surprising.

Is storing an encrypted 2FA backup on Bitwarden (a password manager) a good idea?

I am at the moment using Bitwarden and a separate 2FA app.

I am trying to figure out a way to be able to securely recover my access to credentials and 2FA in case my phone/laptop/other electronic devices get stolen or destroyed and am not sure if what I am doing is good enough.

The app I am using for 2FA allows for encrypted backups with a password. I use Bitwarden to manage my passwords and it also requires a 2FA code from the app.

Now I have a backup of the 2FA app on Bitwarden, where the master passwords for both are long and different (consisting of letters only). I modified the 2FA recovery code for Bitwarden (so that only I know how to read it) and store it on a piece of paper in my wallet and some other places.

My plan is if all goes wrong to gain access to Bitwarden through the recovery code and then download and restore the backup of the 2FA app, in order to regain access to the other places.

Do you think that is secure enough?

Encrypting salted password hash before storing in the database

I have read here, that instead of using pepper, it is better to encrypt hashed/salted passwords before storing in the database. Especially with Java, as there’s no library for salt/pepper, but just for salt hashing, and I’m not going to implement my own crypto in any way. Have questions about it:

  1. Is it true? Will it add security, if db server is on the another physical computer, and encryption keys are sored on the app server’s fs?
  2. If so, is it ok to use RSA for hash encryption?
  3. To check password in this case, is it better to read encrypted password from the DB, decrypt it, and then compare it to the hashed/salted one entered by user, or encrypt entered hashed/salted password and then compare with the encrypted value in the database? In this case, will it be the same as using another hash, as encrypted hash is never decrypted?

Thank you

Which Physical vault would be the better option for storing and monitoring the Master Password securely? and how to do that?

Need a solution to secure manage the access to the master password of a password management tool- last pass, that we would soon be rolling out requirment is 2 people in XY country and 2 people in AB Country (for business continuity) will need to participate in the process of accessing the master/ super admin password Which Physical vault would be the better option for storing and monitoring the Master Password securely?

Can you cast two spells from a Ring of spell storing during the same round using an action and a bonus action?

So I just got acquainted with the existence of Rings of spell storing.

I was wondering: If I had Beacon of Hope and Sanctuary stored in it, could I use the ring to cast both spells on the same turn? Or would it count as 2 actions instead of 1 action and 1 bonus action?

is bcrypt(strtolower(hex(md5(pass)))) ok for storing passwords?

I have a large database where passwords are stored as strtolower(hex(md5(pass))) (which is a bad way to store passwords, prone to rainbow tables, cheap to dictionary attack, no salt, etc), and I’m tasked with switching from md5 to bcrypt,

I have to use a bcrypt implementation that silently truncates after 72 bytes, and silently truncates on the first null byte (whichever comes first), and bcrypt(strtolower(hex(md5(pass)))) would not be prone to either of those issues.

Also it’s possible to retroactively apply bcrypt to existing strtolower(hex(md5(pass))) password hashes, without requiring everyone to re-login/switch passwords.

Is it a bad idea? I don’t think so, but still want to hear what security.SE has to say. Maybe there is something important I’m missing.